I'm trying to migrate and existing firewall config to Astaro, have a few setup question with the interface routing, and one routing question about the external machines. This is Astaro 5.1, 2 NICs in the machine.
The current topology:
.1 (router and gateway)
[ switch ] - .X (random machines outside fw)
.2 eth0
[ firewall ]
.2 eth1
[ switch ] - .X (random machines inside fw)
So, the firewall aliases both the internal and external NICs as .2, making it transparent. The routing table looks like so:
eth0 .2 .0 255.255.255.0 .1
eth1 .2 .0 255.255.255.0 none
(where it's interface-ip-broadcast-netmask-gateway), it's a real class C - no NAT, all one subnet.
So, I'm trying to configure Astaro to be somewhat the same:
1) can both the internal and external interfaces share the same IP like my current firewall? or do they need to be two IPs?
2) where does the gateway entry go in Astaro - on the external interface where the real gateway is like my current firewall, or on the internal interface? (astaro will not allow me to enter it in both places)
3) do any special routes need to be setup, based on the answers to #1 and #2? (I don't think so, this should be handled already - forward between interfaces, gateway)
4) do I turn on Proxy ARP on the internal interface? (I think Yes, but would like verification) To my knowledge, the internal interface has to ARP all IPs except the ones listed in the external configuration, which leads me to the last part.
Last one: for the random machines outside the firewall, I added a host definition for each IP address, then added a static route to the > for each host definition. Is this the proper way to do it? Is there some other way to configure it that I overlooked?
thanks for any help!
-te
This thread was automatically locked due to age.
